module IapJwtAssertion

Constants

ALGORITHM
PUBLIC_KEYS_URL

Public Instance Methods

authenticate?(token, aud:)
# File lib/iap_jwt_assertion.rb, line 11
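# Checks whether +token+ is a validly signed JWT addressed to this application.
#
# JWT.decode is called with verification enabled and the algorithm pinned to
# ALGORITHM, so the signature (and ruby-jwt's default claim checks, e.g.
# expiry) must pass before the `aud` claim is compared with +aud+.
#
# Every failure mode answers false (fail closed): a malformed token, an
# unknown `kid`, a key-fetch error, a bad signature or a wrong audience.
# The key lookup runs inside the rescue because `kid` is read from the
# still-unverified header; otherwise garbage input would raise out of a
# predicate instead of being rejected.
#
# NOTE(review): the `iss` claim is not checked here. Consider also passing
# ruby-jwt's `iss:` / `verify_iss:` options so tokens from another issuer
# signed with the same key set are rejected.
#
# @param token [String] the raw JWT assertion taken from the request
# @param aud [String] the audience value this application expects
# @return [Boolean] true only when signature, default claims and `aud` all match
def authenticate? token, aud:
  # A missing expected audience must never "match" a token that lacks `aud`
  # (nil == nil); treat it as a configuration error and reject.
  return false if aud.nil? || aud.to_s.empty?

  begin
    pubkey = get_key(get_kid(token))
    payload, _header = JWT.decode(token, pubkey, true, {algorithm: ALGORITHM})
  rescue StandardError
    return false
  end

  payload['aud'] == aud
end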
decode(token)
# File lib/iap_jwt_assertion.rb, line 28
# Decodes +token+ and returns what JWT.decode returns (destructured elsewhere
# in this file as payload, header).
#
# SECURITY: the verify flag passed to JWT.decode is false, so the signature
# and the time claims are NOT checked even though the matching public key is
# looked up first. Treat the result as untrusted, attacker-controllable data:
# use it for display or debugging only, and gate any authorization decision
# on authenticate? instead.
#
# @param token [String] the raw JWT assertion
# @return [Array] whatever JWT.decode returns for an unverified decode
# @raise [RuntimeError] from get_key when the token's kid is unknown
def decode token
  signing_key = get_key(get_kid(token))

  # Third argument is ruby-jwt's `verify` switch; false skips verification.
  JWT.decode(token, signing_key, false, {algorithm: ALGORITHM})
end
fetch_public_keys()
# File lib/iap_jwt_assertion.rb, line 52
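# Downloads the current signing-key set from PUBLIC_KEYS_URL.
#
# These keys are the trust anchor for every signature check in this module,
# so a non-success HTTP response is rejected up front instead of handing an
# error body to the JSON and key parsers.
#
# NOTE(review): PUBLIC_KEYS_URL is defined outside this listing. Confirm it
# is an https:// URL so the key set cannot be altered in transit. The request
# relies on Net::HTTP's default timeouts.
#
# @return [Hash] key id => OpenSSL::PKey::EC built from the published key text
# @raise [RuntimeError] when the endpoint does not answer with a 2xx status
def fetch_public_keys
  response = Net::HTTP.get_response(URI(PUBLIC_KEYS_URL))
  unless response.is_a?(Net::HTTPSuccess)
    raise "failed to fetch public keys: HTTP #{response.code}"
  end

  JSON.parse(response.body).map { |kid, pubkey| [kid, OpenSSL::PKey::EC.new(pubkey)] }.to_h
end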
get_key(kid)
# File lib/iap_jwt_assertion.rb, line 40
# Returns the public key registered under +kid+, using the key set memoized
# in @public_keys and re-downloading it once when the id is not cached.
#
# NOTE(review): callers in this file pass a kid read from the token's
# unverified header, so every request carrying an unknown kid triggers an
# outbound fetch. Consider enforcing a minimum interval between refreshes to
# bound that cost.
#
# @param kid [String] key id to look up
# @return [Object] the cached key stored for +kid+
# @raise [RuntimeError] when +kid+ is still unknown after a refresh
def get_key kid
  cached = @public_keys

  unless cached && cached.has_key?(kid)
    # Cache miss (or cold cache): refresh once, then give up if still absent.
    @public_keys = fetch_public_keys
    raise "kid was not found in the list of public keys." unless @public_keys.has_key?(kid)
  end

  @public_keys[kid]
end
get_kid(token)
# File lib/iap_jwt_assertion.rb, line 35
# Reads the `kid` (key id) field from the header of +token+.
#
# The token is decoded with no key and verification switched off, so the
# value returned is untrusted input. It is only suitable for selecting which
# public key to verify against, never for a trust decision on its own.
#
# @param token [String] the raw JWT assertion
# @return [String, nil] the header's `kid` entry, nil when the header has none
def get_kid token
  _claims, jose_header = JWT.decode(token, nil, false)
  jose_header['kid']
end